NSA-resistant? Sync files without storing them in the cloud.

BitTorrent, Inc. today plans to release a beta version of BitTorrent Sync, software that provides Dropbox-like syncing using the same peer-to-peer file sharing technology that powers BitTorrent clients. Some new features—including "mobile apps and an archive capability for retrieving previous versions of synced files," BitTorrent said—have been added since we went hands-on with the alpha version of the software back in April.

The "SyncArchive" feature "is a basic versioning capability introduced with the Beta. It will include a folder where you can see all previous versions of your files," BitTorrent's announcement said. "Unobtrusive and searchable, this feature has been in high demand and will evolve over time."

The beta version of BitTorrent Sync is expected to go live at noon Eastern time and will be available for download here. There are various bug fixes, and the beta software should be more stable than the alpha version. There's no word yet on when the software will be robust enough to drop the "beta" label.

BitTorrent Sync for Android.

BitTorrent, Inc.

Serverless sync

The software adds a sync folder to your devices just as services like Dropbox, Google Drive, or SkyDrive do. But instead of signing into a cloud service, Sync uses randomly generated or user-chosen 21-byte keys to sync folders across computers and mobile devices. One-way synchronization and one-time secrets for sharing files are supported.

The service is free and has no limits on file size.

"Because BitTorrent Sync is based on the principles of the BitTorrent protocol, you can sync as many big files as you want," the company said. "Transfers are encrypted, and information isn’t stored on a server in the cloud; data is protected by encrypted keys. Data is never passed through a stranger's computer or is stored on a server. Your files belong to you, and stay on the devices."

Besides Android, Sync has versions for Windows, Mac, Linux, and FreeBSD. BitTorrent Sync can also run on Linux-based Network Attached Storage devices.

Since the alpha launch in April, the software has been used to sync more than 8PB of data, BitTorrent said. "While we have general statistics about the BitTorrent Sync app, we don’t have any access to private information," the company wrote, by way of reassuring people that their data is safe. "The client reports back anonymous usage statistics to check if there’s a new build available and to help improve the app."

BitTorrent also made its pitch that Sync is the software to use for privacy-conscious individuals. "With all of the NSA and PRISM developments of late, consumers are more keenly aware of online privacy and digital security issues," the company said. "As BitTorrent Sync doesn’t rely on servers, your data is never exposed to prying eyes… Likewise, Sync is built in such a way that the product will never shut down. The software will be as usable (and free) in the future as it is today. The user is always in control of their own data."

If you're looking for a weekend project, you might want to check out this May blog post from BitTorrent Digital Creative Manager Dan Brown. Brown describes how he used a Raspberry Pi, BitTorrent Sync, and OwnCloud to create his own "personal cloud."

"I’ve been using [BitTorrent Sync] for syncing several gigabytes of RAW photos and video across my various machines," Brown wrote. "There is the occasional scenario, however, where I’ve wanted to grab a few files, but my other machine is turned off. To solve this problem, I’m using a Raspberry Pi as a low power, always-on device with Sync installed. Just for kicks, I’m also using Owncloud (open source) to provide me with a web interface for accessing my files from any computer, including my mobile phone."

62 Reader Comments

I must say their sync does it right (well a lot better than all other sync "tools"). I can honestly say that most people want to sync without having a service provider or server with only ONE simple feature. When they have to use a service I am usually tasked for about 1 week to find out it's shortcomings. Wow do they have shortcomings and bugs galore. My clients only care to browse a folder on either machine and they both look the same. How hard is that? Judging by all the software out there to do this (and their shortcomings on each) it looks very hard. Some don't sync, some have limitations of folder depth, char depth, file systems, etc. Not to say BitTorrentSync doesn't have some limitations (it does) but nothing that is a show stopper that raises it's head because of file size or because a lazy programmer never thought someone would put a folder shortcut into a folder 3 levels down (an actual bug that stops all sync on a product). Just the native file system limitations so far (that I have seen).

This just works...and works for free. I know of about 20 people who are waiting to dump their dropbox/sharepoint sites once their mobile apps come out. *SPELLING AAAAAW*

Finally I can use cloud computing the way it was meant to be. While everyone whines about big brother somebody is creating solutions. This is the nature of the modern world and I'm ok with it. All that big brother stuff will slow down the dumb criminals. Which by definition is most of them. The normal dumb people will be monitored and corralled and smart folks that actually have ideas that somebody might want to know about will be pretty safe with things like tor and this type of software. The biggest brother in this modern world is Google,Apple,Microsoft. So getting my data out of their hands is my first priority. As inept as our government is at doing things I am much less worried about them.

Does this do delta updates (ala Dropbox) or does the fle need to be fully resycned each time? As an example, if metadata is written to a movie file does the file need to be completely uploaded? Or for the security minded, a larger Truecrypt container?

This might be a good way to sync my Steam games. Steam cloud save has limitations and is not multi-user friendly.

For instance, XCOM ran into its cloud store limit without informing me and started deleting new saves after I had saved them to disk. Cost me a day's worth of play time before I caught on.

In another example, when my wife started playing Skyrim, the game was smart enough to write local saves to her user folder on the local drive, but it would overwrite my cloud saves that I had from my previous games.

For these reasons, I usually turn cloud saves off on Steam, but it would be nice to be able to sync savegame files between computers in a more granular manner.

Does this do delta updates (ala Dropbox) or does the fle need to be fully resycned each time? As an example, if metadata is written to a movie file does the file need to be completely uploaded? Or for the security minded, a larger Truecrypt container?

It didn't in alpha but it's high on their prioritylist. Also truecrypt containers might be a special case. I imagine they don't change 1 to 1 on updates? That would seem like a weakness.

Does this do delta updates (ala Dropbox) or does the fle need to be fully resycned each time? As an example, if metadata is written to a movie file does the file need to be completely uploaded? Or for the security minded, a larger Truecrypt container?

It didn't in alpha but it's high on their prioritylist. Also truecrypt containers might be a special case. I imagine they don't change 1 to 1 on updates? That would seem like a weakness.

I know when using Truecrypt with Dropbox it will do a delta update. I'm not sure if it's moving the exact change in size, but rather than move the entire 5gb+ container, only a portion is updated.

You provide the server. You need at least one machine with local access to the desired files to remain powered on and connected at all times. A RPi hooked to a couple of disks is a reasonable low-power solution.

Being closed source I still would not trust it to hold sensitive files.

Somehow I trust DropBox, but not this guy.

Must be because DropBox doesn't also make piracy software.

/ducks

#youknowitstrue

Whether or not bittorrent is used for piracy, I don't think that makes it "piracy software." But that's not a discussion particularly relevant to this (although I can sorta see where you're coming from, I just don't agree).

There are a ton of other bittorrent clients than the one made by them (didn't they end up buying uTorrent, also?), and I suspect that there are some that are open source. If open source variants of this service were created, based upon their client, that might be a "best of both worlds" situation, so we can hope for that

I used this software to sync some dvd-rips from a computer with a DVD-Rom and one without. For some reason the SMB kept failing halfway through a file transfer (this was all done locally) but this BT Sync app worked like a charm at full LAN speed.

One thing that sort of confused me though is that I didn't have to input an IP address to share with. I just generated a key on the first machine and then sent it over to the other computer over VNC. So it seems to me that the facilitation is done by BitTorrent the company, remotely, then the rest is handled P2P.

So it's not totally 100% reliant only on you and the local folders you want to sync. BitTorrent gets involved to do the matchmaking.

Oh the irony when while toting how awesome a serverless tech is, they end up admitting they had to setup a server to make it work the way they wanted it to.

But in all seriousness I see this tech definitely shaping up to be a good contender for things like OwnCloud if all you want is private file syncing. I would still setup a dedicated server with it so I can always access everything, but so far this is looking far more robust then the alternative, server only approaches. And not to mention having it just continue to work when my server goes down is a huge plus.

So it's not totally 100% reliant only on you and the local folders you want to sync. BitTorrent gets involved to do the matchmaking.

(please correct me if I'm wrong)

You are correct for default setup. However you can disable DHT trackers and other non-local trackers, and you can enter specific machines you want to connect to. So you can bypass them completely if you want.

As for this being closed-source that means I don't trust it with anything sensitive right now, but it's been great for syncing family photos with family around the country. And they do say they'll go open-source eventually.

But that isn't serverless, it is a private server. Products have existed to fill this need for a long time, and it's nothing new. Most of them have sucked, but still...the point is they are advertising it as a product that just works around you without you needing to setup a server. But that is completely bullcrap, since at some point you will still need a server (whether it's your or not is irrelevant, or just leaving your PC on 24/7) to get the same sort of experience you have come to expect from something like DropBox.

But that isn't serverless, it is a private server. Products have existed to fill this need for a long time, and it's nothing new. Most of them have sucked, but still...the point is they are advertising it as a product that just works around you without you needing to setup a server. But that is completely bullcrap, since at some point you will still need a server (whether it's your or not is irrelevant, or just leaving your PC on 24/7) to get the same sort of experience you have come to expect from something like DropBox.

First of all their ARM version runs fine on my NAS - and I suspect on most NAS products, which instantly solves the issue of having a 24/7 server. Secondly you don't really - it depends on your needs. If you need certain instant sync all the time, then yes. If your needs are a bit more relaxed just having a number of regular PCs all syncing with each other might suffice just fine.

When I read this article I mistakenly assumed it would backup my files to a bit torrent swarm. This is a good tool to have but its not much more than a glorified rsync daemon at its core.

I thought the same thing. A little disappointed that this wont let me access my files from anywhere with lightning-fast bittorrent speed.

Build your own swarm. Just stash your files in multiple locations. The more you set up the faster it is.

True but it would be so much more useful if it did not rely on just machines I own to maintain the swarm. If any authority can confiscate my primary machine they can get to my secondary ones too. However, if pieces of my file were distributed to a large bit torrent swarm it would be impossible to confiscate them all.

How is security and encryption of the files handled here? Is it some kind of SSL setup with certificates? Having an external CA means that your files are just as open as when you send it to google or dropbox but you lose backup part of the deal.

Hopefully they handle it properly as it would be nice to have something user friendly for syncing many files and on many different devices.

How is security and encryption of the files handled here? Is it some kind of SSL setup with certificates? Having an external CA means that your files are just as open as when you send it to google or dropbox but you lose backup part of the deal.

Hopefully they handle it properly as it would be nice to have something user friendly for syncing many files and on many different devices.

Basically you set or allow them to set a "secret" which is used to encrypt files which then can only be distributed to and decrypted by other PCs that you have given the secret too.

True but it would be so much more useful if it did not rely on just machines I own to maintain the swarm. If any authority can confiscate my primary machine they can get to my secondary ones too. However, if pieces of my file were distributed to a large bit torrent swarm it would be impossible to confiscate them all.

But then other people have copies of my files. An option is OK, but I like keeping it "in-house" very much more.

How is security and encryption of the files handled here? Is it some kind of SSL setup with certificates? Having an external CA means that your files are just as open as when you send it to google or dropbox but you lose backup part of the deal.

Hopefully they handle it properly as it would be nice to have something user friendly for syncing many files and on many different devices.

Basically you set or allow them to set a "secret" which is used to encrypt files which then can only be distributed to and decrypted by other PCs that you have given the secret too.

It's closed source. How can you guarantee that only your devices can decrypt the files?

How is security and encryption of the files handled here? Is it some kind of SSL setup with certificates? Having an external CA means that your files are just as open as when you send it to google or dropbox but you lose backup part of the deal.

Hopefully they handle it properly as it would be nice to have something user friendly for syncing many files and on many different devices.

Basically you set or allow them to set a "secret" which is used to encrypt files which then can only be distributed to and decrypted by other PCs that you have given the secret too.

It's closed source. How can you guarantee that only your devices can decrypt the files?

It would appear that currently you cannot, but a previous poster mentioned their intentions to go Open Source at some point, which would be great for transparency. Either way, it can't be WORSE for the security of your files than Dropbox, right?

Edit: I know that people have different needs, but as a simple and more flexible alternative to Dropbox, which keeps my files on my computers and no one else's, and supposedly encrypts everything in transit, I'm happy to give it a try.

How is security and encryption of the files handled here? Is it some kind of SSL setup with certificates? Having an external CA means that your files are just as open as when you send it to google or dropbox but you lose backup part of the deal.

Hopefully they handle it properly as it would be nice to have something user friendly for syncing many files and on many different devices.

Basically you set or allow them to set a "secret" which is used to encrypt files which then can only be distributed to and decrypted by other PCs that you have given the secret too.

It's closed source. How can you guarantee that only your devices can decrypt the files?

Honestly, you could show me the source code - and I still wouldn't know if there is something not right going on. So, until someone presents evidence to the contrary I'll trust it does what it says it does.

When I read this article I mistakenly assumed it would backup my files to a bit torrent swarm. This is a good tool to have but its not much more than a glorified rsync daemon at its core.

I thought the same thing. A little disappointed that this wont let me access my files from anywhere with lightning-fast bittorrent speed.

Build your own swarm. Just stash your files in multiple locations. The more you set up the faster it is.

This is really impractical. Even if I did have several locations with independent internet connections (I don't), the combined upstream bandwidth would still be nothing compared to your typical well-seeded torrent. This will likely make it impossible to work with large files in any reasonable timeframe (unless we're talking about LAN-only).

When I read this article I mistakenly assumed it would backup my files to a bit torrent swarm. This is a good tool to have but its not much more than a glorified rsync daemon at its core.

I thought the same thing. A little disappointed that this wont let me access my files from anywhere with lightning-fast bittorrent speed.

Build your own swarm. Just stash your files in multiple locations. The more you set up the faster it is.

This is really impractical. Even if I did have several locations with independent internet connections (I don't), the combined upstream bandwidth would still be nothing compared to your typical well-seeded torrent. This will likely make it impossible to work with large files in any reasonable timeframe (unless we're talking about LAN-only).

I think the assessment of "glorified rsync daemon" is pretty spot-on.

Perhaps, but personally I'm non-plussed about the idea of my files in the cloud to be stored on other peoples computers (not to mention storing their stuff on mine) even if under good encryption. Kinda of the point of Bitorrent Sync is that you are not storing on 3rd party (ala Dropbox) computers.